Lucene search
DebianCVELIST:CVE-2006-4244HistoryAug 31, 2006 - 1:00 a.m.
CVE-2006-4244
2006-08-3101:00:00
debian
www.cve.org
6
SQL-Ledger 2.4.4 through 2.6.17 authenticates users by verifying that the value of the sql-ledger-[username] cookie matches the value of the sessionid parameter, which allows remote attackers to gain access as any logged-in user by setting the cookie and the parameter to the same value.
References
secunia.com/advisories/21689
securityreason.com/securityalert/1472
www.securityfocus.com/archive/1/444741/100/0/threaded
www.securityfocus.com/archive/1/445512
www.securityfocus.com/bid/19758
www.sql-ledger.org/cgi-bin/nav.pl?page=news.html&title=What%27s%20New
exchange.xforce.ibmcloud.com/vulnerabilities/28671
Related
packetstorm
packetstorm
sqlledger.txt
2006-09-08 00:00:00
LedgerSMB.txt
2006-09-13 00:00:00
seebug
seebug
SQL-Ledgerιͺθ―η»θΏζΌζ΄
2006-12-14 00:00:00
cve
cve
CVE-2006-4244
2006-08-31 01:04:00
nvd
nvd
CVE-2006-4244
2006-08-31 01:04:00
ubuntucve
ubuntucve
CVE-2006-4244
2006-08-31 00:00:00
securityvulns
securityvulns
LedgerSMB 1.0.0 and SQL-Ledger 2.6.18 and earler arbitrary code execution
2006-09-13 00:00:00
debiancve
debiancve
CVE-2006-4244
2006-08-31 01:04:00
freebsd
freebsd
sql-ledger -- multiple vulnerabilities
2006-12-17 00:00:00
openvas
openvas
Debian Security Advisory DSA 1239-1 (sql-ledger)
2008-01-17 00:00:00
FreeBSD Ports: sql-ledger
2008-09-04 00:00:00
FreeBSD Ports: sql-ledger
2008-09-04 00:00:00
osv
osv
sql-ledger
2006-12-17 00:00:00
nessus
nessus
FreeBSD : sql-ledger -- multiple vulnerabilities (0679deeb-8eaf-11db-abc9-0003476f14d3)
2006-12-30 00:00:00
Debian DSA-1239-1 : sql-ledger - several vulnerabilities
2006-12-18 00:00:00
debian
debian
[SECURITY] [DSA 1239-1] New sql-ledger packages fix arbitrary code execution
2006-12-17 15:21:18